Spotfire takes its security responsibilities very seriously. This page provides information about Spotfire security and how customers or security researchers can contact Spotfire to report or ask about a security issue.
For the purposes of addressing and disclosing vulnerabilities, Spotfire has adopted policies and practices in alignment with industry best-practices. Spotfire treats the users of our software equally with respect to vulnerability disclosure and remediation. We also understand the critical role security researchers play in helping to keep our products secure. For the protection of Spotfire product and service users, Spotfire generally does not disclose, discuss, or confirm security issues until a full investigation is complete and any necessary remediations are available.
Spotfire was until recently a part of TIBCO, but is now a separate business unit, alongside TIBCO, within the Cloud Software Group. For now, Spotfire still operates as described in the TIBCO Vulnerability Disclosure Policy. For security-related information for the Cloud Software Group, please refer to the Cloud Software Group Trust Center.